SYNOPSIS

DESCRIPTION

This manual page briefly documents each of the attack-toolkit6 tools. Not all options are listed here; to see the full list of options of a tool, invoke it with -h.

Note that on Debian (if you read this on Debian) command names are prefixed with atk6-, so for example the tool alive6 should be invoked as atk6-alive6. This is a Debian-only modification.

address6 <mac-address/ipv4-address/ipv6-address> [ipv6-prefix]

Converts a mac or ipv4 address to an ipv6 address (link local if no prefix is given as 2nd option) or, when given an ipv6 address, prints the mac or ipv4 address. Prints all possible variations. Returns -1 on errors or the number of variations found.
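
The MAC-to-IPv6 mapping behind this kind of conversion is the modified EUI-64 interface identifier (RFC 4291, Appendix A). The following is an added example, not code from the toolkit; the function names are hypothetical, and the IPv4 embedding shown is one common convention, not necessarily every variation address6 prints.

```python
import ipaddress


def _with_iid(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier (bytes)."""
    net = ipaddress.IPv6Network(prefix + "/64", strict=False)
    value = int(net.network_address) | int.from_bytes(iid, "big")
    return str(ipaddress.IPv6Address(value))


def mac_to_ipv6(mac, prefix="fe80::"):
    """MAC -> IPv6 address using a modified EUI-64 interface identifier."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    # Flip the universal/local bit, insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return _with_iid(prefix, iid)


def ipv6_to_mac(addr):
    """Return the MAC embedded in an EUI-64 identifier, or None if absent."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # random, DHCPv6 or manual identifier: no MAC to recover
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def ipv4_to_ipv6(ipv4, prefix="fe80::"):
    """Assumed convention: IPv4 address placed in the low 32 bits."""
    iid = b"\x00" * 4 + ipaddress.IPv4Address(ipv4).packed
    return _with_iid(prefix, iid)


if __name__ == "__main__":
    # Constructed sample values (documentation ranges, made-up MAC).
    print(mac_to_ipv6("00:11:22:33:44:55"))
    print(mac_to_ipv6("00:11:22:33:44:55", "2001:db8:1::"))
    print(ipv6_to_mac("fe80::211:22ff:fe33:4455"))
    print(ipv4_to_ipv6("192.0.2.1"))
```

An address that yields a MAC this way exposes the interface's hardware address to every peer and on-path observer, which is why address inventories and privacy reviews check for the ff:fe marker.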

alive6 <interface> [unicast-or-multicast-address [remote-router]]

Shows alive addresses in the segment. If you specify a remote router, the packets are sent with a routing header prefixed by fragmentation.

covert_send6 <interface> <target> <file> [port]

Sends the content of FILE covertly to the target.

covert_send6d <interface> <file>

Writes covertly received content to FILE.

denial6 <interface> <destination> <test-case-number>

Performs various denial of service attacks on a target.

detect_sniffer6 <interface> [target-ip]

Tests if systems on the local LAN are sniffing. Works against Windows, Linux, OS/X and *BSD systems.

dnssecwalk [-e46] <dns-server> <domain>

Performs DNSSEC NSEC walking.

dos_mld <interface>

This tool prevents new ipv6 interfaces from coming up by sending answers to duplicate ip6 checks (DAD). This results in a DOS for new ipv6 devices.

dos-new-ip6 <interface>

This tool prevents new ipv6 interfaces from coming up by sending answers to duplicate ip6 checks (DAD). This results in a DOS for new ipv6 devices.

detect-new-ip6 <interface> [scriptname]

This tool detects new ipv6 addresses joining the local network. If scriptname is supplied, it is executed with the detected IPv6 address as option.

dnsdict6 [-t THREADS] <domain> [dictionary-file]

Enumerates a domain for DNS entries. It uses a dictionary file if supplied, or a built-in list otherwise.

dnsrevenum6 <dns-server> <ipv6-address>

Performs a fast reverse DNS enumeration.

dump_router6 <interface>

Dumps all local routers and their information.

dump_dhcp6 <interface>

Dumps all DHCPv6 servers and their information.

exploit6 <interface> <destination> [test-case-number]

Performs exploits of various known IPv6 vulnerabilities (identified by CVE) on the destination.

Performs some ipv6 implementation checks; can be used to test firewalls too.

implementation6d <interface>

Identifies test packets sent by the implementation6 tool; useful to check which packets passed a firewall.

inject_alive6 [-ap] <interface>

This tool answers keep-alive requests on PPPoE and 6in4 tunnels; for PPPoE it also sends keep-alive requests. Note that the appropriate environment variable THC_IPV6_{PPPOE|6IN4} must be set. Option -a will actively send alive requests every 15 seconds. Option -p will not send replies to alive requests.

inverse_lookup6 <interface> <mac-address>

Performs an inverse address query to get the IPv6 addresses that are assigned to a MAC address. Note that only a few systems support this yet.

kill_router6 <interface> <target-ip>

Announces that the target router is going down, to delete it from the routing tables. If you supply a '*' as target-ip, this tool will sniff the network for RAs and immediately send the kill packet.

Sends an ICMPv6 node query request to the target and dumps the replies.

parasite6 <interface> [fake-mac]

This is an "ARP spoofer" for IPv6, redirecting all local traffic to your own system (or nirvana if fake-mac does not exist) by answering falsely to Neighbor Solicitation requests. Specifying FAKE-MAC results in a local DOS.

passive_discovery6 <interface> [scriptname]

Passively sniffs the network and dumps all clients' IPv6 addresses detected. If scriptname is supplied, it is called with the detected IPv6 address as first and the interface as second parameter.

Implants a route into victim-ip, which redirects all traffic to destination-ip to new-router. You must know the router which would handle the route. If the new-router and new-router-mac do not exist, this results in a DoS.

rsmurf6 <interface> <victim-ip>

Smurfs the local network of the victim. Note: this depends on an implementation error, currently only verified on Linux (fixed in current versions). Evil: "ff02::1" as victim will DOS your local LAN completely.

smurf6 <interface> <victim-ip> [multicast-network-address]

Smurfs the target with ICMPv6 echo replies. Target of the echo request is the local all-nodes multicast address if not specified.

sendpees6 <interface> <key_length> <prefix> <victim-ip>

Sends SEND neighbor solicitation messages and makes the target verify a lot of CGA and RSA signatures.